Unrated severityNVD Advisory· Published Jun 15, 2015· Updated May 6, 2026

CVE-2015-4163

Description

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.

Affected products

Xen/Xen11 versions
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*
osv-coords4 versions
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 4.4.2_06-21.1+ 3 more
- (no CPE)range: < 4.4.2_06-21.1
- (no CPE)range: < 4.4.2_06-21.1
- (no CPE)range: < 4.4.2_06-21.1
- (no CPE)range: < 4.4.2_06-21.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000